General
- Target: 3d3bdb62d964dd7599b2e5a48a79a1d6.bin
- Size: 2.2MB
- Sample: 240415-bg49nsdb9w
- MD5: c9112c0d8618f24a0f63b983c1578cc3
- SHA1: 4191defe9fae24a125dcbd0ecdf62eaf5ef2d226
- SHA256: 5261a4157fe8306e44b6a8204a0ec9971bb1a27cbeb5c384398b8d6a678da3c0
- SHA512: 56a31605502f86054e5a3fd4f31e56a7c95532ce329d02b4be0122e9a824044120546c42e35950456a4a8c87cb61c91b8cc210b8c3f9af5657b35b900f22e062
- SSDEEP: 49152:5P0vXHcfdnYNfb1EDUiXnEZoqQxm/29IYlGhMz61tkfnh:uX8fdueDUiXnYClGhMz4tkp
Static task
- static1
Behavioral task
- behavioral1
- Sample: a0ef2b6290c1ea34de86e628bb7d492808fe06acea5055faaaa7ba4ff88ca398.exe
- Resource: win7-20240221-en
Malware Config
- Extracted: risepro
- 147.45.47.93:58709
Targets
- Target: a0ef2b6290c1ea34de86e628bb7d492808fe06acea5055faaaa7ba4ff88ca398.exe
- Size: 2.2MB
- MD5: 3d3bdb62d964dd7599b2e5a48a79a1d6
- SHA1: 0974dcaf226218fd933dd42d3045c600195bc942
- SHA256: a0ef2b6290c1ea34de86e628bb7d492808fe06acea5055faaaa7ba4ff88ca398
- SHA512: 130f023b7a8a2af9826a0384d061c76972decf9670b8af3aed4224a86f506ec8beef7b0158b4f9c2f95e0b748ee83b324f82c546d814577a3fc1c86514bd3193
- SSDEEP: 49152:OSUl6vD5DxN6HHLJ9twVYhUjuW7IGWOGmcGACFvXO8KijF8RUWzG4:OSSwD5Dxk+1WOGojZTjF8uWz
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger